Golfreeze.packetlove.com: Life style of Golfreeze Canon400D Family kammtan.com Jazz Freebsd Unix Linux System Admin guitar Music
		All about unix linux freebsd and FAQ for Packetlove.com Web hosting , Mail hosting , VoIP + IP PBX server => Mail issue , problem , configuration => Topic started by: golfreeze on January 23, 2011, 12:58:17 am
		
			
			- 
				http://www.howtoforge.com/postfix-virtual-hosting-with-ldap-and-dovecot-on-ubuntu8.04-p4
			
- 
				deb http://ftp.debianclub.org/debian/ lenny main
 deb-src http://ftp.debianclub.org/debian/ lenny main
 
 #deb http://security.debian.org/ lenny/updates main
 #deb-src http://security.debian.org/ lenny/updates main
 
 #deb http://volatile.debian.org/debian-volatile lenny/volatile main
 #deb-src http://volatile.debian.org/debian-volatile lenny/volatile main
 
 deb http://mirror1.ku.ac.th/debian/ lenny main contrib non-free
 deb http://mirror1.ku.ac.th/debian/ lenny-proposed-updates main contrib non-free
 deb http://mirror1.ku.ac.th/debian-security/ lenny/updates main contrib non-free
 
- 
				##IRED
 http://www.howtoforge.com/iredmail-mail-server-with-ldap-postfix-roundcube-squirrelmail-dovecot-clamav-spamassassin-amavisd-debian-5.0.1
 
 deb http://mirrors.163.com/debian lenny main contrib non-free
 deb http://security.debian.org/ lenny/updates main contrib non-free
- 
				* For OpenLDAP backend:
 
 # cd /path/to/iRedMail-x.y.z/tools/
 # sh create_mail_user_OpenLDAP.sh domain.ltd user01 user02 user03
 
 It will create domain 'domain.ltd' and three new accounts: user01@domain.ltd,
 user02@domain.ltd, user03@domain.ltd. The password is their username.
 
 ##Doc Iredmail
 http://code.google.com/p/iredmail/wiki/Admin_Guide#How_to_set_default_login_domain?
 
 ##Doc
 http://code.google.com/p/iredmail/wiki/Installation_on_Debian
 
 #postfix ldap
 http://www.boobah.info/howto/postfix-ldap.html
 
 #postfix courier
 http://www.root-it.fiberworld.nl/vriesman.tk/postfix-courier-ldap-howto.html
- 
				Today I tried installing phamm together with postfix + postfix-ldap.
 
 While testing:
 
 #telnet localhost 25
 
 If you follow the log, this is the problem that shows up:
 
 Nov 10 09:38:20 pop00 postfix/trivial-rewrite[14838]: warning: dict_ldap_lookup: vacationforward:
 Search base 'o=mail,dc=xxx,dc=com' not found: 32: No such object
 Nov 10 09:38:20 pop00 postfix/trivial-rewrite[14838]: fatal: ldap:vacationforward(0,lock|fold_fix):
 table lookup problem
 Nov 10 09:38:21 pop00 postfix/master[14527]: warning: process /usr/lib/postfix/trivial-rewrite pid
 14838 exit status 1
 Nov 10 09:38:22 pop00 postfix/trivial-rewrite[14839]: warning: dict_ldap_lookup: vacationforward:
 Search base 'o=mail,dc=xxx,dc=com' not found: 32: No such object
 Nov 10 09:38:22 pop00 postfix/trivial-rewrite[14839]: fatal: ldap:vacationforward(0,lock|fold_fix):
 table lookup problem
 Nov 10 09:38:23 pop00 postfix/master[14527]: warning: process /usr/lib/postfix/trivial-rewrite pid
 14839 exit status 1
 Nov 10 09:38:23 pop00 postfix/smtpd[14836]: warning: problem talking to service rewrite: Success
 Nov 10 09:38:23 pop00 postfix/master[14527]: warning: /usr/lib/postfix/trivial-rewrite: bad command
 startup -- throttling
 
 This shows that the user set in the main.cf config cannot query the data.
 
 ##LDAP Connector
 ldap_bind_dn = cn=phamm,o=mail,dc=xxx,dc=com
 ldap_bind_pw = xxx
 
 cn=phamm,o=mail,dc=xxx,dc=com cannot be used for the query.
 
 Change it to the admin user, which is able to run the query.
 
 ##LDAP Connector
 ldap_bind_dn = cn=admin,dc=xxx,dc=com
 ldap_bind_pw = xxx
 
 After trying telnet once more, mail could be sent.
 
- 
				If, when testing login and sending mail, a problem like the following appears in the log:
 
 Nov 10 16:45:59 pop00 postfix/pipe[17855]: 025CD4C805E: to=<golf@example.com>, relay=maildrop,
 delay=11, delays=11/0/0/0.04, dsn=5.1.1, status=bounced (user unknown. Command output: ERR:
 authdaemon: s_connect() failed: Permission denied Invalid user specified. )
 
 Fix it with:
 
 chmod 755 /var/run/courier/authdaemon
 Then restart postfix once; after that it can create the account and create the
 mailbox.
- 
				## If sending mail produces the error "temporary failure. Command output: /usr/bin/maildrop: Unable
 to create a dot-lock at example.com/xxx/6994.0.pop01."
 
 ## If we also use maildrop with postfix, configure the following file:
 
 #vi /etc/maildroprc
 
 ############# Begin #############
 
 MAILDIR=$HOME/$DEFAULT
 `test -d "$MAILDIR"` # check if dir exist
 if ($RETURNCODE != 0)
 {
 `mkdir -p $MAILDIR` # create dirs with parents
 `rmdir $MAILDIR` # remove dir for init
 `/usr/bin/maildirmake $MAILDIR` # create maildir
 }
 
 ############ Finish ##############
 
 #/etc/init.d/postfix restart
 
 Then try sending again.
- 
				###authdaemon and installing postfix + sasl authentication
 
 http://workaround.org/articles/ispmail-sarge/index.shtml.en#postfix-sasl
 http://nsrc.org/workshops/2005/pre-SANOG-VI/bc/mail/courier.htm
- 
				setting up DKIM
 
 DKIM (DomainKeys Identified Mail) is a method for email authentication that allows an organization
 to take responsibility for a message in a way that can be validated by a recipient. Read more about
 it at the wikipedia entry
 
 ingredients used: FreeBSD 7.x, Postfix 2.6.2, dkim-milter 2.8.3, Bind 9.6.1
 prerequisites: a working Postfix and Bind installation
 instructions for windows here
 
 1. install dkim
 $ cd /usr/ports/mail/dkim-milter
 $ make install clean
 $ echo "milterdkim_enable='YES'" >> /etc/rc.conf
 $ echo "milterdkim_uid='postfix'" >> /etc/rc.conf # use the same uid as the postfix service
 
 2. setup keys
 $ mkdir -p /var/db/dkim/domains/example.com
 $ cd /var/db/dkim
 $ dkim-genkey # this creates a key and domain record file
 $ mv default.private domains/example.com/my_awesome_selector
 $ cat default.txt >> /etc/named/your_example.com_zone_file
 $ echo "*@example.com:example.com:/var/db/dkim/domains/example.com/my_awesome_selector" >> keylist
 repeat these steps for additional domains
 see the man page dkim-filter.conf(5) for more info on the keylist content format
 
 3. edit /usr/local/etc/mail/dkim-filter.conf
 I used mostly default settings with the following exceptions:
 DNSTimeout 5 # this should be lower than postfix's timeout
 Domain example.com # this may not be necessary given the use of a keylist file
 KeyList /var/db/dkim/keylist
 On-Default accept # shit happens, don't freak out on DNS lookups, etc...
 Socket local:/var/run/milterdkim/sock
 Syslog yes # the default syslog facility is 'mail'
 
 4. configure postfix
 add the following lines to main.cf:
 milter_default_action = accept
 milter_protocol = 3
 smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock unix:/var/run/milterdkim/sock
 non_smtpd_milters = unix:/var/run/milterdkim/sock
 
 5. re/start services
 /etc/rc.d/named reload
 /usr/local/etc/rc.d/milter-dkim start
 /usr/local/etc/rc.d/postfix reload
 
 make sure it works! you can send a test mail to check-auth@verifier.port25.com and you will receive
 a report including DKIM info.
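 
 Added example, not part of the original post: a pre-flight audit of the KeyList from step 2, checking each entry's format, the private key's file mode, and that the zone file publishes a record for the selector. It assumes, per dkim-filter.conf(5), that the signer uses the key's file name as the selector; `check_keylist` and `demo` are hypothetical names and the demo files are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Audits KeyList lines of the
# form sender-pattern:signing-domain:keypath against a zone file.
# Prints one finding per line; returns 1 if anything was found.
check_keylist() {
    keylist=$1 zone=$2 bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in '' | '#'*) continue ;; esac
        IFS=: read -r pattern domain keypath extra <<EOF
$line
EOF
        if [ -z "$pattern" ] || [ -z "$domain" ] || [ -z "$keypath" ] || [ -n "$extra" ]; then
            echo "line $n: expected pattern:domain:keypath"; bad=1; continue
        fi
        if [ ! -f "$keypath" ]; then
            echo "line $n: key file missing: $keypath"; bad=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$keypath" | cut -c5-10)" != "------" ]; then
            echo "line $n: key readable beyond owner: $keypath"; bad=1
        fi
        # Assumption: the selector is the key's file name, so the zone must
        # publish <selector>._domainkey or verifiers cannot find the key.
        selector=${keypath##*/}
        if ! grep -q "^${selector}\._domainkey" "$zone"; then
            echo "line $n: no ${selector}._domainkey record in zone"; bad=1
        fi
    done <"$keylist"
    return $bad
}

# Constructed demo mirroring step 2: the key is renamed to
# my_awesome_selector while the zone holds the record from default.txt.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/domains/example.com"
    key=$d/domains/example.com/my_awesome_selector
    echo "constructed placeholder, not a real key" >"$key"
    chmod 600 "$key"
    echo 'default._domainkey IN TXT "v=DKIM1; k=rsa; p=PLACEHOLDER"' >"$d/zone"
    echo "*@example.com:example.com:$key" >"$d/keylist"
    check_keylist "$d/keylist" "$d/zone" || true
    rm -rf "$d"
}

demo
```

 A finding about the selector means the record name in the zone file and the key's file name need to agree before mail is signed.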
- 
				##icez on centos
 http://www.icez.net/blog/398/postfix-domainkeys-dkim
 ##Western blog
 http://blog.munkyboy.com/
- 
				##############install saslauthd on debian
 
 ##### Install sasl on debian
 apt-get install libsasl2-modules
 apt-get install sasl2-bin
 
 To have the sasl authentication daemon listening where Postfix will be looking for it,
 we’ll need to edit the init script for saslauthd. Open the /etc/init.d/saslauthd file in
 your favorite editor and enter the following line in the header (under PWDIR):
 PARAMS="-m /var/spool/postfix/var/run/saslauthd"
 
 
 ff:/etc/init.d# chown -R root:sasl /var/spool/postfix/var/
 ffi:/etc/init.d# adduser postfix sasl
 
 To enable saslauthd to start, edit the /etc/default/saslauthd file and add this:
 START=yes
 MECHANISMS="pam"
 
 Start saslauthd and check that it is running. Issue the following command:
 ps waux | grep saslauthd
 
 You should see:
 root 6143 0.0 0.2 5916 1432 ? S 08:53 0:00 /usr/sbin/saslauthd -m
 /var/spool/postfix/var/run/saslauthd -a pam
 
 NOTE! Many people have had problems with sasl not working correctly. This is almost always due to
 sasl not shutting down or accepting the new settings. If you have problems with sasl, kill -9 all of
 its PIDs or simply reboot.
 See this: http://www.fatofthelan.com/forums/viewtopic.php?t=86
 
 To check that sasl is indeed working, use the testsaslauthd command with your username and
 password:
 testsaslauthd -u username -p password -f /var/spool/postfix/var/run/saslauthd/mux
 
 If everything is setup correctly, you should see:
 0: OK "Success."
 
 To have Postfix use sasl, you need to add this (preserving the spaces and commas!) to your main.cf:
 
 smtpd_recipient_restrictions =
 permit_sasl_authenticated,
 permit_mynetworks,
 reject_unauth_destination
 
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_security_options = noanonymous
 smtpd_sasl_local_domain =
 broken_sasl_auth_clients = yes
- 
				Mail flow of iRedMail:
 
 (http://www.iredmail.org/images/process.png)
- 
				iredapd has a problem: the error "127.0.0.1:7777 Connection refused" comes up very often,
 which makes email unusable. The machine has to be restarted for it to go away, and after a while it happens again.
 
 From the log:
 
 Mar 19 15:43:48 eve postfix/smtpd[2121]: warning: connect to 127.0.0.1:7777: Connection refused
 Mar 19 15:43:48 eve postfix/smtpd[2121]: warning: problem talking to server 127.0.0.1:7777: Connection refused
 Mar 19 15:43:49 eve postfix/smtpd[2121]: warning: connect to 127.0.0.1:7777: Connection refused
 Mar 19 15:43:49 eve postfix/smtpd[2121]: warning: problem talking to server 127.0.0.1:7777: Connection refused
 Mar 19 15:43:49 eve postfix/smtpd[2121]: NOQUEUE: reject: RCPT from mail-iy0-f173.google.com[209.85.210.173]: 451 4.3.5 Server configuration problem; from=<____@gmail.com> to=<_____@servix.pl> proto=ESMTP helo=<mail-iy0-f173.google.com>
 Mar 19 15:43:49 eve postfix/smtpd[2121]: disconnect from mail-iy0-f173.google.com[209.85.210.173]
 
 After reading around, I found that you need to apply the iredapd hotfix for the part that talks to SQL.
 
 - Download these two files:
 
 http://iredapd.iredmail.googlecode.com/hg/src/iredapd.py
 http://iredapd.iredmail.googlecode.com/hg/src/plugins/sql_alias_access_policy.py
 
 - Replace /opt/iredapd/src/iredapd.py with downloaded "iredapd.py".
 - Replace /opt/iredapd/src/plugins/sql_alias_access_policy.py with downloaded
 "sql_alias_access_policy.py".
 
 - Set correct file permission on these two new files:
 
 # chown iredapd:iredapd /opt/iredapd/src/iredapd.py
 # chown iredapd:iredapd /opt/iredapd/src/plugins/sql_alias_access_policy.py
 # chmod 0700 /opt/iredapd/src/iredapd.py
 # chmod 0700 /opt/iredapd/src/plugins/sql_alias_access_policy.py
 
 - Restart iRedAPD service.
 
 # /etc/init.d/iredapd restart
 
 Read more at:
 http://www.iredmail.org/forum/topic1972-hotfix-for-iredmail071-mysql-backend-iredapd-stops-suddenly.html
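 
 Added example, not part of the original post: a log check that correlates refused connections to the policy service with the 451 4.3.5 deferrals issued by the same smtpd process, so the outage is noticed from the mail log. `sample_log` and `policy_outage` are hypothetical names; the sample lines are the ones quoted in the post above.

```sh
#!/bin/sh
# Added example (not from the original post).
# Sample input: the log lines quoted in the post.
sample_log() {
    cat <<'EOF'
Mar 19 15:43:48 eve postfix/smtpd[2121]: warning: connect to 127.0.0.1:7777: Connection refused
Mar 19 15:43:48 eve postfix/smtpd[2121]: warning: problem talking to server 127.0.0.1:7777: Connection refused
Mar 19 15:43:49 eve postfix/smtpd[2121]: warning: connect to 127.0.0.1:7777: Connection refused
Mar 19 15:43:49 eve postfix/smtpd[2121]: warning: problem talking to server 127.0.0.1:7777: Connection refused
Mar 19 15:43:49 eve postfix/smtpd[2121]: NOQUEUE: reject: RCPT from mail-iy0-f173.google.com[209.85.210.173]: 451 4.3.5 Server configuration problem; from=<____@gmail.com> to=<_____@servix.pl> proto=ESMTP helo=<mail-iy0-f173.google.com>
Mar 19 15:43:49 eve postfix/smtpd[2121]: disconnect from mail-iy0-f173.google.com[209.85.210.173]
EOF
}

# $1 = policy endpoint as written after "check_policy_service inet:".
# Reads a mail log on stdin and prints one summary line if the endpoint
# refused connections; prints nothing otherwise.
policy_outage() {
    awk -v ep="$1" '
        # Field 5 is the process tag, e.g. postfix/smtpd[2121]:
        index($0, "warning: connect to " ep ": Connection refused") {
            failed[$5] = 1; refused++
            if (first == "") first = $3
            last = $3
        }
        # A 451 4.3.5 from a process that could not reach the policy
        # service is mail deferred because of the outage.
        / NOQUEUE: reject: / && / 451 4\.3\.5 / && ($5 in failed) { deferred++ }
        END {
            if (refused)
                printf "%s unreachable %s-%s: refused=%d deferred=%d\n",
                    ep, first, last, refused, deferred
        }
    '
}

sample_log | policy_outage 127.0.0.1:7777
```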
- 
				More on iRedMail.
 
 We can add configuration to check spam IP blacklists as follows. Add it to the file /etc/postfix/main.cf
 
 In the smtpd_recipient_restrictions section, extend it as follows:
 
 smtpd_recipient_restrictions =
     reject_unknown_sender_domain,
     reject_unknown_recipient_domain,
     reject_non_fqdn_sender,
     reject_non_fqdn_recipient,
     reject_unlisted_recipient,
     check_policy_service inet:127.0.0.1:7777,
     permit_mynetworks,
     permit_sasl_authenticated,
     reject_unauth_destination,
     reject_non_fqdn_helo_hostname,
     reject_invalid_helo_hostname,
     reject_rbl_client list.dsbl.org,
     reject_rbl_client sbl-xbl.spamhaus.org,
     reject_rbl_client dnsbl.njabl.org,
     reject_rbl_client dnsbl.sorbs.net,
     reject_rbl_client zen.spamhaus.org,
     reject_rbl_client l1.spews.dnsbl.sorbs.net,
     reject_rhsbl_sender rhsbl.sorbs.net,
     reject_rhsbl_client rhsbl.sorbs.net,
     check_policy_service inet:127.0.0.1:10031
 
 When done, reload postfix:
 #/etc/init.d/postfix reload
 
 Then check the maillog; you will see blacklisted hosts being blocked, as follows: